Plain English

What this means is that a valid security certificate for Google, issued by DigiNotar, was released to a third party, making it possible for that third party to masquerade as Google and obtain sensitive user information such as usernames and passwords. Worse, the certificate was a wildcard, meaning it was valid for any Google domain. Google's above-referenced blog post asserts the attack was only focused on Iranian targets. However, the SSL certificate should be deleted or marked as untrusted on all computers while the investigation is ongoing.